CVE-2026-1411 - Vulnerability Details

- Beetel 777VR1 UART access control

Description

A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-01-26

Score: 5.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw lies within an unknown UART interface function in the Beetel 777VR1 firmware up to 01.00.09/01.00.09_55, producing improper access controls. An attacker who can physically reach the device could manipulate the UART interface, bypassing the intended protection and allowing unauthorized configuration changes, data extraction, or other disruptive actions. The description indicates that the attack requires physical proximity; the likely attack vector is therefore inferred to be on‑site manipulation of the UART port rather than remote exploitation.

Affected Systems

The affected hardware is the Beetel 777VR1 microcontroller‑based device. Firmware versions up to 01.00.09/01.00.09_55 are susceptible; no other products or firmware revisions are listed in the CNA data.

Risk and Exploitability

The CVSS score of 5.4 denotes moderate severity, and the EPSS value of less than 1 % suggests exploitation is presently unlikely. The vulnerability is not catalogued in the CISA KEV list. Because the exploit requires physical access and a relatively high level of complexity, the threat is constrained to environments where an attacker can reach the UART port and has the technical skill to craft the manipulation. With no vendor patch currently available, the best defenses center on restricting physical access, disabling the interface when not required, and monitoring for anomalous UART activity.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Beetel

777VR1

affected

Version	Status	Constraints
`01.00.09`	affected	—
`01.00.09_55`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:beetel:777vr1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:beetel:777vr1:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Beetel	777vr1	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Ensure the device is stored in a secure environment to prevent unauthorized physical access.
If a firmware update that addresses the vulnerability is available, upgrade the Beetel 777VR1 to the latest version.
Disable or lock the UART interface if it is not required for normal operation, limiting its exposure.
Monitor device logs for unauthorized UART activity and enforce role‑based access control for device management.

Generated by OpenCVE AI on April 18, 2026 at 15:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Physical

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://gist.github.com/raghav20232023/ea6adcd6d1eca35683570a1094164bd3
https://vuldb.com/?ctiid.342800
https://vuldb.com/?id.342800
https://vuldb.com/?submit.740674

History

Fri, 30 Jan 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel 777vr1 Firmware
CPEs		cpe:2.3:h:beetel:777vr1:-:::::::* cpe:2.3:o:beetel:777vr1_firmware::::::::
Vendors & Products		Beetel 777vr1 Firmware

Mon, 26 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 26 Jan 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beetel Beetel 777vr1
Vendors & Products		Beetel Beetel 777vr1

Mon, 26 Jan 2026 01:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Beetel 777VR1 UART access control
Weaknesses		CWE-266 CWE-284
References		https://gist.github.com/raghav20232023/ea6adcd6d1eca35683570a1094164bd3 https://vuldb.com/?ctiid.342800 https://vuldb.com/?id.342800 https://vuldb.com/?submit.740674
Metrics		cvssV2_0 `{'score': 5.9, 'vector': 'AV:L/AC:H/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.1, 'vector': 'CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.4, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Beetel 777vr1 777vr1 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-01-26T00:32:06.281Z

Updated: 2026-02-23T08:54:50.445Z

Reserved: 2026-01-25T09:43:14.850Z

Link: CVE-2026-1411

Vulnrichment

Updated: 2026-01-26T17:28:59.316Z

NVD

Status : Analyzed

Published: 2026-01-26T01:15:49.363

Modified: 2026-01-30T20:19:25.920

Link: CVE-2026-1411

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:15:03Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Physical

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity High

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object